I use Abacas portsenty and ipchains. Portsentry watches specific ports
and when someone try's to use them they get a deny all rule set in
ipchains. Bye Bye Mr. Port Sniffer. Hehe Sniff this!!!. I wrap my
secure stuff (ssh, webmin, ftp, mysql) with ipchains rules to keep all
but a few IPs from accessing them.
----- Original Message -----
From: "Marc Matteo" <mmatteo@sacbee.com>
To: <lug-nuts@saclug.org>
Sent: Monday, January 24, 2000 6:50 AM
Subject: Re: [lug-nuts] ipchains..?
> > Huh? I'm confused/curious, could somebody tell me more about this?
How
> can
> > you stop portscanning with/from ipchains? If so, I guess you could
set
>
> Aaah, you missed our own Rick Johnson's presentation on security...
and his
> PMFirewall ipchains configuration tool.
>
> In short - IP Chains is/are a packet filtering firewall. You run
ipchains
> on your gateway box (the one that's connected to the 'net). From
there you
> can stop the bad guys from port scanning you.
>
> PMFirewall is available from http://www.pointman.org
>
> Cheers,
> Marc
> --
> Marc Matteo
> Online Technology Leader
> http://www.sacbee.com
>
> ----- Original Message -----
> From: "Ajay 'Hempstah' T" <atallam@ucdavis.edu>
> To: <lug-nuts@saclug.org>
> Sent: Monday, January 24, 2000 5:05 AM
> Subject: [lug-nuts] ipchains..?
>
>
> > Hey all,
> >
> > I was just reading this simpsons.net slashdot article, and found
something
> > this Inoshiro guy (who seems to have a lot to say, even on this one
> > article!) fairly interesting.. He said:
> >
> > Yeah, I love being a captive audience.. Considering reliable
broadband
> > is available for 40$ Cdn (28$ US) in the form of Cable Modem
access
> > through a local @Home monopoly, I don't think it's really worth
it..
> > Linux can easily provide protection from the @Home portscanning
via
> > ipchains :)
> >
> > Huh? I'm confused/curious, could somebody tell me more about this?
How
> can
> > you stop portscanning with/from ipchains? If so, I guess you could
set
> > ipchains on any/every box then, right? (Aka, including dialup)
> > Granted I'm not very familiar with ipchains or anything like that,
so/but!
> > Sorry if this question seems a little simple in nature.
> >
> > (Ohh, and for that one/last procmail question, doh! Mike had it
100%
> right, I
> > had to set SHELL, damn! I thought I had it set from a previous time
I had
> a
> > similar problem, ohh well, guess not! Thanks MikeS!!)
> >
> > -Ajay
> >
> > --
> > Tallam, Ajay Milpa, ca 1877.213.7746x4358 MooTown, HempVille
> > http://os2man.cjb.net/
> > "Hemp is of first necessity to commerce and marine, in
otherwords, to
> > the wealth and protection of the country."
> > - 1791 - Thomas Jefferson
> >
>
************************************************************************
****
> > * To UNSUBSCRIBE from the list, send a message with "unsubscribe
lug-nuts"
> > * in the message body to majordomo@saclug.org. Please direct other
> > * questions, comments, or problems to lug-nuts-owner@saclug.org.
> >
>
>
************************************************************************
****
> * To UNSUBSCRIBE from the list, send a message with "unsubscribe
lug-nuts"
> * in the message body to majordomo@saclug.org. Please direct other
> * questions, comments, or problems to lug-nuts-owner@saclug.org.
>
****************************************************************************
* To UNSUBSCRIBE from the list, send a message with "unsubscribe lug-nuts"
* in the message body to majordomo@saclug.org. Please direct other
* questions, comments, or problems to lug-nuts-owner@saclug.org.
This archive was generated by hypermail 2b29 : Fri Feb 25 2000 - 14:29:11 PST